1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to goto the General Tab, first ensure that the Keep Settings option is checked. Then unchecked Enable pfBlockerNG so that its disabled. Hit save. Force Update. Then reenable pfBlockerNG and Force update.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • H

    Bug Pfsense 2.4.1 Freeradius 0.15.1 OTP Google Authentcation is not working

    8
    0 Votes
    8 Posts
    3k Views
    B
    This is what happens when the Shared Secret key does now match ;)
  • O

    Configure NUT to only monitor and do nothing?

    2
    0 Votes
    2 Posts
    665 Views
    dennypageD
    You cannot configure NUT such that it will not attempt to perform a shutdown. You could configure a shutdown command that doesn't do anything by adding the following line in the "Additional configuration lines for upsmon.conf" section: SHUTDOWNCMD /bin/echo Note however that NUT will still do everything but shutting down the system, including shutting down any slaves. I'm also unclear on how NUT will behave following the attempted shutdown. You may have to restart the service. In general however, I would not recommend the approach of trying to split the UPS between apcupsd and NUT. If you want NUT's monitoring, use NUT for the shutdown.
  • G

    FreeRADIUS 3.x package NTLM problem

    13
    0 Votes
    13 Posts
    4k Views
    A
    @Zizi: Hi, today I've set up freeradius3 for WPA-EAP, an it is working, but only with "clear text passwords". If I change it to "MD5 Password", I get error "mschap: FAILED: No NT/LM-Password. Cannot perform authentication" Is there any way to use non clear text password storage with working WPA-EAP? Same here.
  • M

    Email notifications fail - Service Watchdog

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG
    @Mateh: Indeed. pfSense 2.4.3 running Service_Watchdogs 1.8.4. Settings from Notifications: E-Mail server: smtp.mailgun.org SMTP Port of e-Mail server: 465 Secure SMTP Connection: [tick] From e-mail address: my@email.com Notification E-mail address: my@email.com Notification E-Mail auth username: my@login.email Notification E-Mail auth password: mypass Notification E-Mail auth mechanism: PLAIN Looks fine to me. I have exactly the same thing, with one difference : I'm not using some mail supplier, but my own mail server on a delicate server on the Internet (so I have full control on both sides). You are using the right port (465 - which uses TLS from start) and you are identifying yourself correctly. If this goes wrong ones in a while, answers should by found by the one running "smtp.mailgun.com".
  • F

    Problem with freeradius

    2
    0 Votes
    2 Posts
    608 Views
    GertjanG
    Your last image : as per https://doc.pfsense.org/index.php/Using_Captive_Portal_with_FreeRADIUS - Section : Amount of Traffic the option "re-authenticate users every minute" should be set so the user gets disconnected. Otherwise your limit of "1200" (Mbytes) will not work … What I did to check / debug all this : I read this : https://doc.pfsense.org/index.php/Testing_FreeRADIUS This : https://doc.pfsense.org/index.php/Additional_Logging_for_FreeRADIUS (written for 2.x but useful). Also : when your setup is ok, goto    Status => Services STOP the radius daemon. Acces the console. Take option 8 - SSH access. Type``` radiusd -h Read … Find the option -X Use it ! Start radfius by hand using **radiusd -X** (or **radiusd -X -xx**) Now you have all the info - there should be no red lines. Keep this console window open. Now login with a user on the captive portal. The entire login info will be laid out, and it's easy to find what went wrong. Questions about what being shown , Normal. Radius is not some small program, it's huge, took me days of just reading this one https://fr.wikipedia.org/wiki/FreeRADIUS and many others. With manuals, Radius (FreeRadius) is useless. > I added a cronjobe << 0 0 * * * root / bin / rm / var / log / radacct / datacounter / day / used-bytes - * >> This won't work  :) For example, "day" doesn't exist. See image for my cron entries, I used the the cron package of course. ![cron.PNG_thumb](/public/_imported_attachments_/1/cron.PNG_thumb) ![cron.PNG](/public/_imported_attachments_/1/cron.PNG)
  • M

    WPAD error

    1
    0 Votes
    1 Posts
    536 Views
    No one has replied
  • D

    Telegraf / Influxdb

    2
    0 Votes
    2 Posts
    1k Views
    C
    Duplicate of https://forum.pfsense.org/index.php?topic=145991.msg796861#msg796861 and it's an upstream issue: https://redmine.pfsense.org/issues/8425#change-36362
  • A

    No Samba package on Pfsense?

    18
    0 Votes
    18 Posts
    3k Views
    ScottyDMS
    Forget pfSense and use FreeNAS instead. It too is built on FreeBSD. However FreeNAS needs RAM–8 GB minimum.
  • A

    Clamd problem

    1
    0 Votes
    1 Posts
    325 Views
    No one has replied
  • J

    Blocked Domain Reporting with Ntop

    1
    0 Votes
    1 Posts
    527 Views
    No one has replied
  • K

    FreeRadius3 EAP-TLS error

    4
    0 Votes
    4 Posts
    2k Views
    P
    this works, but revocation will not work. so if you revoke a cert, the authentication will still pass.  If you want to be able to revoke certs, and have free radius honor that, then follow what worked for me: I have found the workaround solutions posted in the forums, for free radius and a functioning CRL, do not quite work. The workarounds listed: https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls semi work.  The problem is, the manual changes are wiped away easily.  i.e. a change in the radius config (i.e. a user attribute), will cause the radius.conf and the cert files to be overwritten.  A little background on my system: -Free radius v3 -pfsense v2.42 p1 Now, i think i may have found a workaround, that is "sticky".  It follows the same method as listed in this thread (https://sites.google.com/site/techbobbins/home/articles/freeradius-and-crls), but instead of appending the CA/CRL in the same file via the CAT command, append the CRL via the pfsense GUI to the CA cert body.  This way, every time you reload freeradius, it reads form the PFSENSE Cert files, and now everything works. Also, i found if you configure sub CA's, free radius has issues with that.  So, a work around for that, is to: -create your root CA -create sub CA -create crl for sub ca -then, "import" a CA.  the cert body will be the root->sub->crl -create free radius server cert -in free radius, use the "import" CA, and the free radius server cert ..i found if you dont do this, free radius will error with error 19, self signed in the chain.  Understand the reason to use sub certs is for security, as i understand root CA's are designed to create sub CA's, not user or server certs.  This way, if sub CA is copromised, you dont have to recreate cert chain, just that particular sub ca. I dont claim to be a PKI expert, but the above worked for me. –-note, for revocation to work, you will have to re-paste the CRL info back into the "import" cert, and restart radius.  note, that restarting radius via the GUI, i.e services click the restart gear, does not work.  I found i needed to make a change to free radius, i.e change a setting in the eap config, save it, then set it back, svae it.  this seems to trigger a true radius restart. hope this helps
  • J

    CollectD goes off

    1
    0 Votes
    1 Posts
    575 Views
    No one has replied
  • R

    Manually loading packages

    2
    0 Votes
    2 Posts
    528 Views
    GertjanG
    @robert.herrmann: I am a noob using pfSense and freebsd, so please be gentle. pfSense is using FreeBSD is it's base OS. But differences exists : one of them is the package handling. @robert.herrmann: I have a pfSense installation running version 2.4.1.  This system does not have access to the internet.  :( Wait … Your posting on a public forum, right ? Bring your system along the next time - update - upgrade - done. @robert.herrmann: I would like to install freeradius but am struggling.  I have managed to download the .pbi (freeradius-2.2.5_3-i386.pbi) and get it copied into pfSense machine into the /tmp directory.  But I cannot seem to find a way to install this. This situation was mentioned some time ago. I guess it was completely abandoned. I guess you have to connect  it at least ones …. edit : wait ! I guess it possible - it probably a manual job, not or very badly documented. Get out of the noob phase and you'll be fine. I asked the world for advise ( pfsense install package without internet connection ) - it came back with https://forum.pfsense.org/index.php?topic=130966.0
  • J

    Pls develop this pkg for VPN proxy detection

    3
    0 Votes
    3 Posts
    773 Views
    J
    Thank you! I will take a look
  • Z

    FreeRadius 3 and OTP

    5
    0 Votes
    5 Posts
    3k Views
    S
    Hi there, I just registered to comment that I got OTP to work with PAP protocol only. Set it up in System > User Manager > Authentication Servers > your FreeRADIUS auth server > Server Settings > Protocol: PAP. Note that MS-CHAPv2 is the default option. I hope this helps someone!
  • SammyWooS

    SOLUTION: apcupsd to Minisys (ProtectLI) and APC Smart Serial Interface

    1
    0 Votes
    1 Posts
    871 Views
    No one has replied
  • S

    Stunnel enhancement.

    1
    0 Votes
    1 Posts
    583 Views
    No one has replied
  • B

    Block internet access for kids, but allow FaceTime (on port 80)

    11
    0 Votes
    11 Posts
    2k Views
    NogBadTheBadN
    Seems to work protocol any. I'd do the schedule like my second attachment, where 172.16.3.100 is the iDevice IP or an alias that contains multiple IP addresses. [image: Untitled.jpg] [image: Untitled.jpg_thumb] [image: Untitled.jpg_thumb] [image: Untitled.jpg]
  • B

    Mail Relay versus port forwarding

    4
    0 Votes
    4 Posts
    1k Views
    B
    @biggsy: I agree with pete35.  I used to run the postfix package on the firewall but there are some good reasons not to do that. What are the good reasons out of interest ? BA
  • D

    FreeRadius 3.x pfSense authentication with MD5-Password

    1
    0 Votes
    1 Posts
    598 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.